Mobile device security is top of mind at RSA.
The 20th annual RSA Conference is lumbering into San Francisco next
week. It's huge, face-to-face, dominated by educational tracks, led by
old guys, and run under the auspices of a vendor. How did the RSA
Conference get to be 20 in such good shape?
The RSA Conference is in some ways the opposite of trendy. It's not
hosted in the cloud but is run in-person. The conference is loaded with
graduate-level educational tracks that leave non-mathematicians such as
myself impressed but slightly stunned. Contrary to the hottest
properties in our industry, the conference is not run by a bunch of
guys in their 20s and 30s but rather by guys who've been
around 20 or 30 years.
I can't help but contrast the RSA Conference with an old favorite of
mine, N+I. In its heyday, Networld + Interop's big reason for
being was to serve as a convergence to see if networked computers could
actually interact with each other. Security tools as we know them today
were barely a gleam in anyone's eye. Just getting the equipment to
communicate was a victory. The idea of securing these systems was
usually solved by running them on private networks.
The Internet and public networking changed all that. What would become
the RSA Conference started with a tiny gathering in San Jose, Calif.,
As the public Internet grew and business moved online, it became quite
clear early on that security tools needed to be developed, and quickly.
The marketing battles and practical questions about how best
to secure computing resources ranged from defining the new network
perimeter to the best location for intrusion detection, to performance
questions about antivirus and anti-spam products. N+I basically slipped
beneath the waves as interoperability became the norm. The RSA
Conference has grown because the success of that interoperability still
poses difficult security questions.
I think the big driver in the overall security concern are
transactions. Transactions ranging from e-mail to online banking to
business-to-business interactions all require a fundamental level of
trust to be
successful. For the Internet and corporate networks to provide the
fantastic increase in productivity that we have seen, the
infrastructure must be basically trustworthy and reliable. With fits
and starts, but always with a forward motion, security tools have
succeeded in providing that trust.
At RSA 2011, I'll be looking to see how cloud infrastructure impacts the
security landscape. The concept that employees can use any device to
access the applications they need from any location is pushing the
boundaries of what IT managers must consider when providing a sound
security strategy. In many ways, the cloud removes a number of
problematic security concerns by placing the hard work of securing a
data center in the hands of the cloud provider. However, IT managers still
have a lot to think about.
Just one of those thought-provoking topics concerns user device
management. I'll be looking at mobile management tools, especially
those aimed at phones and tablets, along with the more
established laptop security products. I want to see how our industry is
going to deal with the processor and memory constraints of these mobile
platforms while ensuring that the right person is using the device to
gain access to the right corporate assets.